<?php
session_start();
//SQL LOGIN

$db_host = 'localhost';
$db_user = 'pepgsou_admin';
$db_pwd = '_20pepg09';
$database = 'pepgsou_main';
$table = 'JL';
if (!mysql_connect($db_host, $db_user, $db_pwd))
    die("Can't connect to database");

if (!mysql_select_db($database))
    die("Can't select database");


	$initTitle = "South Salem High School - Login";

$style="<link href=\"http://www.southsaxons.com/sshs.css\" rel=\"stylesheet\" type=\"text/css\" /><style>\n .opacityFont {\n filter:alpha(opacity=75);\n -moz-opacity:.75; \n opacity:.75; \n } \n .opacity {\n background-color: #FFF;\n filter:alpha(opacity=75);\n -moz-opacity:.75;\n opacity:.75;\n border: 1px solid #000;\n color: #000;\n }\n </style>";
echo "<HTML><HEAD><TITLE>$initTitle</TITLE>$style</HEAD>";
$bodyArgs = array();
$bodyProps = array();
$initBody = "";
for ($i=0; $i<count($bodyArgs); $i++)
{
	$initBody = "$initBody $bodyArgs[$i]=$bodyProps[$i]";
}

echo "<BODY$initBody><a name=\"top\"></a>";
?>

<? 
echo "<center><b><br>";
$username = $_POST["username"];
$password = $_POST["password"];
$end = "Click <a href=\"SQL2.php\">here</a> to continue.</b></center>";
if (isset($_POST["rpwd"]))
{
	$np = $_POST["password"];
	
	mysql_query("UPDATE students SET pwd='$np' WHERE id='$username' AND last_name='$rpwd'");
	echo "Password updated.<br><br>";
}


$q = mysql_query("SELECT * FROM students WHERE id='$username'"); 
if (mysql_numrows($q)>0)
{
	$correctpassword = mysql_result($q, 0, "pwd");
	if (($correctpassword=="")&($password==mysql_result($q, 0, "last_name")))
	{
		echo "<form action=\"?\" method=\"post\">";
		echo "Please select a new password:<br><br>";
		echo "<input type=\"password\" name=\"password\"><br>";
		echo "<input type=\"hidden\" name=\"username\" value=\"$username\">";
		echo "<input type=\"hidden\" name=\"rpwd\" value=\"$password\">";
		echo "<input type=\"Submit\" value=\"Submit\">";
		echo "</form>";
		$end = "";
	} else if ($correctpassword=="") {
		echo "Incorrect Password<br><br>";
	} else if ($password==$correctpassword) {
		echo "Login Complete!<br><br>";
		$_SESSION["username"] = $username;
		$_SESSION["password"] = $password;
	} else {
		echo "Incorrect Password<br>";
	}
} else {
	echo "Incorrect Login Name<br>";
}
echo $end;
?>
<?
echo "</BODY>";
echo "</HTML>";
?>
